J
John Childress
Anyone using the Security Application Block from the Enterprise Library?
I have a rather embarassing situation where I've setup the database and
configured my application to use this block. I have added users to the database
using a web form, but I am unable to login using any of the new users I've
created.
Here is how I'm creating the user:
public bool addNewUser(string username, string password, string firstName,
string lastName, string email)
{
byte[] encryptedContents;
encryptedContents = SHA1Managed.Create().ComputeHash(ASCIIEncoding.ASCII.GetBytes(password));
// Create an instance of the database object
Database database = DatabaseFactory.CreateDatabase();
// Create the wrapper
DBCommandWrapper addNewUserWrapper = database.GetStoredProcCommandWrapper("AddNewUser");
// Setup the parameters
addNewUserWrapper.AddInParameter("@username", DbType.String, username);
addNewUserWrapper.AddInParameter("@password", DbType.Binary, encryptedContents);
addNewUserWrapper.AddInParameter("@firstname", DbType.String, firstName);
addNewUserWrapper.AddInParameter("@lastname", DbType.String, lastName);
addNewUserWrapper.AddInParameter("@email", DbType.String, email);
// Execute the query
database.ExecuteNonQuery(addNewUserWrapper);
return true;
}
Then in my login page I try to authenticate with the following:
private void btnLogin_Click(object sender, System.EventArgs e)
{
if(Page.IsValid)
{
// Get the provider to authenticate with
IAuthenticationProvider authenticationProvider = AuthenticationFactory.GetAuthenticationProvider("Database
Provider");
// An identity for later use
IIdentity identity;
byte[] passwordBytes;
passwordBytes = ASCIIEncoding.ASCII.GetBytes(txtPassword.Text);
// Create the credentials
NamePasswordCredential credentials = new NamePasswordCredential(txtUsername.Text,
passwordBytes);
// authenticate
if(authenticationProvider.Authenticate(credentials, out identity))
{
// log the users access time
logUserAccessTime(txtUsername.Text);
// Authorize and redirect the user
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(identity.Name,
false);
}
else
{
lblError.Visible = true;
lblError.Text = "Login failed.";
}
}
else
{
lblError.Visible = true;
lblError.Text = "Login failed. Page is not valid.";
}
}
I always get "Login failed." for my error...
Any suggestions?
thanks,
John
I have a rather embarassing situation where I've setup the database and
configured my application to use this block. I have added users to the database
using a web form, but I am unable to login using any of the new users I've
created.
Here is how I'm creating the user:
public bool addNewUser(string username, string password, string firstName,
string lastName, string email)
{
byte[] encryptedContents;
encryptedContents = SHA1Managed.Create().ComputeHash(ASCIIEncoding.ASCII.GetBytes(password));
// Create an instance of the database object
Database database = DatabaseFactory.CreateDatabase();
// Create the wrapper
DBCommandWrapper addNewUserWrapper = database.GetStoredProcCommandWrapper("AddNewUser");
// Setup the parameters
addNewUserWrapper.AddInParameter("@username", DbType.String, username);
addNewUserWrapper.AddInParameter("@password", DbType.Binary, encryptedContents);
addNewUserWrapper.AddInParameter("@firstname", DbType.String, firstName);
addNewUserWrapper.AddInParameter("@lastname", DbType.String, lastName);
addNewUserWrapper.AddInParameter("@email", DbType.String, email);
// Execute the query
database.ExecuteNonQuery(addNewUserWrapper);
return true;
}
Then in my login page I try to authenticate with the following:
private void btnLogin_Click(object sender, System.EventArgs e)
{
if(Page.IsValid)
{
// Get the provider to authenticate with
IAuthenticationProvider authenticationProvider = AuthenticationFactory.GetAuthenticationProvider("Database
Provider");
// An identity for later use
IIdentity identity;
byte[] passwordBytes;
passwordBytes = ASCIIEncoding.ASCII.GetBytes(txtPassword.Text);
// Create the credentials
NamePasswordCredential credentials = new NamePasswordCredential(txtUsername.Text,
passwordBytes);
// authenticate
if(authenticationProvider.Authenticate(credentials, out identity))
{
// log the users access time
logUserAccessTime(txtUsername.Text);
// Authorize and redirect the user
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(identity.Name,
false);
}
else
{
lblError.Visible = true;
lblError.Text = "Login failed.";
}
}
else
{
lblError.Visible = true;
lblError.Text = "Login failed. Page is not valid.";
}
}
I always get "Login failed." for my error...
Any suggestions?
thanks,
John